PT-2019-1082 · Red Hat · Ipa

Todd Lipcon · Published 2019-11-27 · Updated 2021-12-06 · CVE-2019-14867

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

IPA versions 4.6.x before 4.6.7
IPA versions 4.7.x before 4.7.4
IPA versions 4.8.x before 4.8.3

Description

A flaw was found in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed Kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or, in some conditions, execute arbitrary code on the server hosting the IPA server.

Recommendations

For IPA versions 4.6.x before 4.6.7, update to version 4.6.7 or later.
For IPA versions 4.7.x before 4.7.4, update to version 4.7.4 or later.
For IPA versions 4.8.x before 4.8.3, update to version 4.8.3 or later.
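As an added example (not part of this record or of the IPA project), the script below checks an installed IPA server package version against the three affected ranges listed above; the package strings are constructed samples in the form `rpm -q ipa-server` prints, and a version on a branch the advisory does not list is reported as unknown rather than as fixed.

```python
# Added example: compare an installed IPA server version against the
# affected ranges stated in this advisory (CVE-2019-14867).
import re
from typing import Optional, Tuple

# Ranges exactly as the advisory lists them: branch -> first fixed release.
FIXED_IN = {
    (4, 6): (4, 6, 7),
    (4, 7): (4, 7, 4),
    (4, 8): (4, 8, 3),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract MAJOR.MINOR.PATCH from strings such as 'ipa-server-4.8.2-1.el8'.
    Raises ValueError if no x.y.z component is present."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> Optional[bool]:
    """True  -> version lies inside an affected range from the advisory.
    False -> version is on a listed branch at or after the fixed release.
    None  -> branch not covered by this advisory (e.g. 4.5.x); treat as
             unknown, not as safe, and check the vendor advisory instead."""
    version = parse_version(text)
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return None
    # Tuple comparison is numeric, so 4.8.10 correctly sorts after 4.8.3.
    return version < fixed


if __name__ == "__main__":
    # Constructed sample package strings (hypothetical hosts), as `rpm -q` prints them.
    for pkg in ["ipa-server-4.6.5-11.el7", "ipa-server-4.8.3-1.fc31",
                "ipa-server-4.7.4-2.el8", "ipa-server-4.5.4-10.el7"]:
        print(pkg, "->", is_affected(pkg))
```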

Fix

Weakness Enumeration

Code Injection
Resource Exhaustion

Related Identifiers

ALBA-2019:4268
ALT-PU-2019-3193
ALT-PU-2019-3206
CVE-2019-14867
GHSA-7HPJ-HFCR-5QWM
PYSEC-2019-28
PYSEC-2019-98
RHSA-2020:0378
RHSA-2020:1269
RHSA-2020_0378

Affected Products

Alt Linux
Ipa
Red Hat